Feature #21421 » 0003-Send-a-security-notification-when-a-user-s-password-.patch

Jan from Planio www.plan.io, 2015-12-13 08:13


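--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -73,6 +73,12 @@
         @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
         if @user.save
           @token.destroy
+          Mailer.security_notification(@user,
+            message: :mail_body_security_notification_change,
+            field: :field_password,
+            title: :button_change_password,
+            url: {controller: 'my', action: 'password'}
+          ).deliver
           flash[:notice] = l(:notice_account_password_updated)
           redirect_to signin_path
           return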
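Review bot: The notification built at lines 76-81 is byte-for-byte the same payload the logged-in `my/password` path sends, so the recipient cannot tell whether the password was changed from their account page or through a lost-password token, and the token path — reachable without any session — is exactly the one worth flagging distinctly. Consider a dedicated message key for the recovery flow (e.g. `message: :mail_body_security_notification_change_by_recovery`) and, if `Mailer.security_notification` can carry it, request context such as `remote_ip: request.remote_ip` so the user can judge whether the change was theirs. Note also that `.deliver` runs synchronously after `@token.destroy` and before the redirect; if delivery errors are raised in this deployment the user would see an error page for a change that already succeeded — acceptable only if the mailer is known to swallow delivery failures. The enclosing `lost_password` action starts and ends outside this hunk.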
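--- a/app/controllers/my_controller.rb
+++ b/app/controllers/my_controller.rb
@@ -105,6 +105,12 @@
         if @user.save
           # The session token was destroyed by the password change, generate a new one
           session[:tk] = @user.generate_session_token
+          Mailer.security_notification(@user,
+            message: :mail_body_security_notification_change,
+            field: :field_password,
+            title: :button_change_password,
+            url: {controller: 'my', action: 'password'}
+          ).deliver
           flash[:notice] = l(:notice_account_password_updated)
           redirect_to my_account_path
         end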
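Review bot: The mail at lines 108-113 is addressed to the very user who is performing the change, so if `Mailer#mail` still removes the current user from the recipients when `pref.no_self_notified` is set (as it does for issue notifications), the one security mail that must always reach the account holder would be dropped silently; please confirm `security_notification` bypasses that filter and ignores `mail_notification == 'none'`, and add a test with `no_self_notified` enabled. A second, smaller point: `deliver` is invoked after `session[:tk]` has already been replaced, so an exception from delivery (only if `raise_delivery_errors` is on) would leave the user logged in with the new password but without the flash or redirect. The enclosing `password` action starts outside this hunk.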
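--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@@ -372,4 +372,5 @@
   end
   def test_post_lost_password_with_token_should_change_the_user_password
+    ActionMailer::Base.deliveries.clear
     user = User.find(2)
     token = Token.create!(:action => 'recovery', :user => user)
@@ -380,5 +381,9 @@
     user.reload
     assert user.check_password?('newpass123')
     assert_nil Token.find_by_id(token.id), "Token was not deleted"
+    assert_not_nil (mail = ActionMailer::Base.deliveries.last)
+    assert_select_email do
+      assert_select 'a[href^=?]', 'http://localhost:3000/my/password', :text => 'Change password'
+    end
   end
   def test_post_lost_password_with_token_for_non_active_user_should_fail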
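Review bot: The assertions added at lines 384-387 check only the link in the mail, while the sibling test in my_controller_test also asserts that the new password never appears in the body; the recovery flow should get the same guard, `assert_mail_body_no_match 'newpass123', mail`, since it is the path most exposed to an attacker holding a leaked token. It would also help to pin the recipient, e.g. `assert_equal [user.mail], mail.bcc` (or `mail.to`, depending on how the mailer addresses security notifications), so a regression that sends the notice to the wrong address is caught. The lines of this test between the two hunks are not shown here.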
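--- a/test/functional/my_controller_test.rb
+++ b/test/functional/my_controller_test.rb
@@ -193,5 +193,18 @@
     assert_redirected_to '/my/account'
   end
+  def test_change_password_should_send_security_notification
+    ActionMailer::Base.deliveries.clear
+    post :password, :password => 'jsmith',
+                    :new_password => 'secret123',
+                    :new_password_confirmation => 'secret123'
+
+    assert_not_nil (mail = ActionMailer::Base.deliveries.last)
+    assert_mail_body_no_match 'secret123', mail # just to be sure: pw should never be sent!
+    assert_select_email do
+      assert_select 'a[href^=?]', 'http://localhost:3000/my/password', :text => 'Change password'
+    end
+  end
+
   def test_page_layout
     get :page_layout
     assert_response :success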
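Review bot: `test_change_password_should_send_security_notification` (lines 195-206) only exercises the success path; the controller sends the mail inside `if @user.save`, and nothing locks that in, so a later refactor that moves the `Mailer` call above the save would still pass. Add the negative case — post with `:password => 'wrong'` (and separately a mismatched confirmation) after clearing deliveries and assert `assert_equal 0, ActionMailer::Base.deliveries.size`. As in the account_controller test, asserting the recipient (`mail.bcc` or `mail.to` equals `[User.find(2).mail]`) would make the test meaningful as a security check rather than a link check.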